feat: Add var.task_execution_session_duration for task execution role

Author: itmustbejj

README.md

@@ -376,6 +376,7 @@ allow_github_webhooks        = true
 | <a name="input_start_timeout"></a> [start\_timeout](#input\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
 | <a name="input_stop_timeout"></a> [stop\_timeout](#input\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no |
+| <a name="input_task_execution_session_duration"></a> [tags](#input\_task\_execution\_session\_duration) | Maximum session duration for ecs task execution role in hours | `number` | `1` | no |
 | <a name="input_trusted_entities"></a> [trusted\_entities](#input\_trusted\_entities) | A list of  users or roles, that can assume the task role | `list(string)` | `[]` | no |
 | <a name="input_trusted_principals"></a> [trusted\_principals](#input\_trusted\_principals) | A list of principals, in addition to ecs-tasks.amazonaws.com, that can assume the task role | `list(string)` | `[]` | no |
 | <a name="input_ulimits"></a> [ulimits](#input\_ulimits) | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | <pre>list(object({<br>    name      = string<br>    hardLimit = number<br>    softLimit = number<br>  }))</pre> | `null` | no |

main.tf

@@ -436,6 +436,7 @@ data "aws_iam_policy_document" "ecs_tasks" {
 resource "aws_iam_role" "ecs_task_execution" {
   name                 = "${var.name}-ecs_task_execution"
   assume_role_policy   = data.aws_iam_policy_document.ecs_tasks.json
+  max_session_duration = var.task_execution_session_duration
   permissions_boundary = var.permissions_boundary
 
   tags = local.tags

variables.tf

@@ -672,3 +672,14 @@ variable "ephemeral_storage_size" {
     error_message = "The minimum supported value is 21 GiB and the maximum supported value is 200 GiB."
   }
 }
+
+variable "task_execution_session_duration" {
+  description = "Maximum session duration for ecs task execution role in hours."
+  type        = number
+  default     = 1
+
+  validation {
+    condition     = var.task_execution_session_duration >= 1 && var.task_execution_session_duration <= 12
+    error_message = "Valid session durations for an IAM role are between 1 and 12 hours."
+  }
+}